RETURNED Still infected. Starting over.


  • This topic is locked
8 replies to this topic

#1 pjvex86

  • Members
  • 41 posts

Posted 07 September 2009 - 12:16 AM

I am back for a second time.

I wrote a very long post the first time I was here, and I really cannot repeat it at the moment. I know so much about the rootkit/worm that has infected me as it has been with me through two machines and since last February. So I have not been able to use my second (and newer) laptop after getting rid of the first laptop because it was old and I could not get rid of this bug!

So I am very demoralized. I have screamed at my webcam and while working on other things I actually speak to my computer because it has an integrated mic. This sounds crazy and maybe I am (and I realize that a few times, my paranoia -- given that Windows is structured so illogically -- has created problems which I then attributed to the rootkit/worm... so I know this is wrong), but given the length of time I have had with this (feel like it is living with cancer), I seriously have lost QOL.

The first time I was here, I had two laptops, the second one was my father's laptop which I had borrowed and somehow infected (although I took every step to keep them apart and not sharing media or even internet connection). Some progress was made on father's laptop, but he ended up taking it back (angry with me), and my laptop was deemed likely not infected. One reason this conclusion might have been made is that I have a 64bit laptop and was running all 64bit OSs (I dual boot windows and linux), and there seemed to be a dearth of diagnostics for 64bit machines. What was available yielded no clues, so the tech assistant who took my thread had nothing more to do.

Well that was back in early June, and near the end of July, even though I bought the 64bit machine to utilize its wider data bus, but I guess since I became infected, I would have to switch to 32 bit Operating Systems. So I have been running Vista Ultimate 32 bit and Linux Mint 7 32 bit since early August, and both systems are useless.

I know given the volume of people seeking assistance from this site, I realize there is not a lot of room for "bedside manner" or, in other words, discussing the nature of the rootkit or whatever it is is not as important as just getting rid of it. For purposes of practicality, I agree with this, but whatever has infected me has accomplished so many incredible feats that I am very interested in the means in which it is being accomplished. I have a background in computers, still program a bit, and understand tcp/ip and DNS pretty well. I even have my own IPv6 tunnel (which I am not using yet because I am waiting to get rid of the problem I have with this laptop!). Further, I was once more of a "cracker" (although innocent stuff), but having said that, I can certainly say I have a hacker mindset, and therefore what is being done to my machine is incredible to me and would like to learn how it is done (or which protocol or through which system or adapter it is being channeled through).

My overall point is that I am more computer literate than most, and given this, I know there is NO SUCH THING AS "THAT CAN'T HAPPEN". Believe me, with what I know can be done and have read through code that uses IPv6, mDNS, and dbus in ways that virtually render every PC effectively without defense (irrespective of the most stringent firewall), I know that there is something really unusual with my laptop.

I know it is a rootkit (or at least I can say for sure that part of this bug resides in the boot sector because I have tried to change some of the instructions to correct them), and as far as the purpose of this rootkit or whatever it is, the only thing I can confirm is that it uses (steals) both processing power and bandwidth... and it deletes files OFTEN. It deletes the files I use to fight it, essentially.

Usually this bug hooks into ANY application so quickly that I can not verify things very often (I used to have gigabyte of screenshots to help explain to people that I am in fact, infected with something). But I had an undeniable showing of activity just tonight and this is what prompted me to post again. Tonight I installed a bandwidth monitor. I had been using the trial version of this particular bandwidth monitor for about a week and my speed (on my ethernet adapter) was very low compared to what I am paying for (I am getting about 1Mbit/second as opposed to the 7Mbit/sec I should be getting).

When I installed the "pro" version of the bandwidth monitor, one of its features was that it monitored "all adapters". Even though I have physically removed my wireless NIC, there are ways in and out of a computer that are novel -- in other words, the ethernet adapter showing TCP/UDP (IPv4) activity is not painting the entire picture. Anyway, as said above, during the prior week, my wired "ethernet adapter" showed approximately 1mbit/s total transfer speed. But the new bandwidth meter now shows 6.5Mbit/sec (although it won't be for much longer because this will be hooked soon). When I opened the older trial version of the bandwidth meter that only looked at the ethernet connection (and presumably tcp/ipv4), it still showed about 1 - 1.5Mbit/second. But on the same screen, using the same tool except with a "use all adapters" switch, the speed is much higher. I tried using TCPview -- a utility from sysinternals -- and it showed the tcp and udp (both ipv4 and ipv6) connections, and I saw countless connections (many of which I traced to unusual sockets) that could not be accounted for. The remote IP addresses are either just DNS servers or untraceable proxies. So I think I am just being farmed.

BUT I AM GOING CRAZY. Please help. I have run Combofix countless times (hell, I have reinstalled my OS not less than 50 times since February), and I get some really interesting results most of the time. I always use a new version. I know you guys have access to unique and newly coded apps and versions of tools that I do not, so I didn't run anything for this post.

Just let me know what diagnostic to download and run, and I will post it. But I ask that you please think out of the box -- because this isn't just SKYNET or something like that (at least I do not think so). I will let you guys figure it out, because I am ready to throw myself off a bridge.


Paul



#2 boopme

  • Global Moderator
  • 72,740 posts

Posted 07 September 2009 - 12:32 AM

Hello and welcome.
We need to check for rootkits with RootRepeal.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (if you did not use the "Direct Download" mirror).
  • Open [image] on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check ONLY the Drivers and Files boxes.
  • Push Ok.
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Edited by boopme, 07 September 2009 - 12:33 AM.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 pjvex86

  • Topic Starter
  • Members
  • 41 posts

Posted 08 September 2009 - 01:27 AM

Hi, I downloaded rootrepeal from the primary mirror... and when I started it, there was no "report" option, only the "Scan" button, and the "Save Report" button.

Fearing that the utility had already been compromised, I decided to download the archived version. So after I downloaded the rar, I unzipped it to the desktop into a new folder with a random name. Upon running this copy of rootrepeal, I got a windows error. Thankfully, I was able to save this. Below is the output of the error:

01:12:09: FOPS - DeviceIoControl Error! Error Code = 0xc0000001 Extended Info (0x000000e0)
01:12:09: DeviceIoControl Error! Error Code = 0x1e7
01:12:09: FOPS - DeviceIoControl Error! Error Code = 0xc0000001 Extended Info (0x000000e0)



This result does not surprise me.

From my experience I feel like this trojan/worm/rootkit is dynamically monitoring my system and seems to have either a real person watching what happens or some very complex AI built into the rootkit, which in either case, it has the ability to make remote modifications on the fly to deal with my attempts to rid it from my system.

For example, I have downloaded AV applications that would start to work, and then stop suddenly or become corrupted in the middle of a scan. After this would happen, I would try to download the same application again (often trying to outmaneuver the rootkit by giving the downloaded file a different name, or saving it to the root, or both), and when I would run the newly downloaded AV application, this time it would either have a completely different interface, or it had substantial elements greyed out preventing me from using it effectively.

This "rootkit" makes me feel like someone is watching my every move.

#4 boopme

  • Global Moderator
  • 72,740 posts

Posted 08 September 2009 - 08:48 AM

You have a rootkit. It appears to be the latest one plaguing most of our posters.
As there are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection, the process must be completed by an HJT team member.

Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible.

Now ... Download this Utility and save it to your Desktop.
Double-click the Utility to run it and let it finish.
When it states Finished! Press any key to exit, press any key to close the program.
It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below.

Next please go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant title and post the RootRepeal log and the above log.

Let me know how that went.

#5 pjvex86

  • Topic Starter
  • Members
  • 41 posts

Posted 08 September 2009 - 07:58 PM

Well this one is definitely nasty....

I could not even run your win32diag.... I have a screenshot, but it seems I cannot post it, but when I try to run it, a DOS window opens up and it says:


Warning Could not get back up priviliges!
Searching C:\WINDOWS...

Could not access C:\Windows\CSC\v2.0.6\pq


Any hope left? Can I run it in safe mode?

#6 boopme

  • Global Moderator
  • 72,740 posts

Posted 08 September 2009 - 08:21 PM

Ok, this is rough: "Custer's Last Stand."
  • Please download System Repair Engineer from here
  • Unzip/extract sreng2.zip to a folder on your desktop
  • Double-click on SREngLdr.EXE to launch System Repair Engineer
  • Click the Smart Scan Icon
  • Click Scan
  • Wait for the scan to finish
  • Click on the Save Reports button
  • Save it to your desktop, using the recommended name of SREngLOG.log
  • Close System Repair Engineer
  • Use notepad to open the SREngLOG.log file
  • Copy & paste the contents of that file as a reply to this topic
  • Note: The log may be long, and you may need several posts to post all of it
  • If you are using a custom HOSTS file, please leave out the HOSTS File section, as it will make the log far too long


#7 pjvex86

  • Topic Starter
  • Members
  • 41 posts

Posted 09 September 2009 - 12:38 PM

Well thankfully that worked....

Below is the log to System Repair Engineer:

2009-09-09,12:34:49

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows Vista Ultimate Edition Service Pack 2 (Build 6002) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
	<WindowsWelcomeCenter><rundll32.exe oobefldr.dll,ShowWelcomeCenter>  [(Verified)Microsoft Windows]
	<uTorrent><"C:\Program Files\uTorrent\uTorrent.exe">  [(Verified)BitTorrent Inc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<filehippo.com><"C:\Program Files\Update Checker\UpdateChecker.exe" /background>  [FileHippo.com]
	<LClock><C:\Program Files\LClock\LClock.exe>  []
	<StartCCC><"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun>  [File is missing]
	<SysTrayApp><%ProgramFiles%\IDT\WDM\sttray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><explorer.exe>  [Microsoft Corporation]
	<Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<WebCheck><C:\Windows\System32\webcheck.dll>  [(Verified)Microsoft Windows]
	<IconPackager Repair><C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll>  [(Verified)Stardock Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation]
	<{E31004D1-A431-41B8-826F-E902F9D95C81}><%SystemRoot%\System32\DreamScene.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
	<Browser Customizations><"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
	<Windows Ultimate Extras><%SystemRoot%\system32\soundschemes.exe /AddRegistration>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\Windows\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
	<Windows Ultimate Extras><%SystemRoot%\system32\soundschemes2.exe /AddRegistration>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
	<SCRNSAVE.EXE><C:\Windows\system32\scrnsave.scr>  [(Verified)Microsoft Windows]

==================================
Startup Folders
[3duserpic.exe]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\3duserpic.exe.lnk --> C:\Windows\GLOBAL~1\ANIMAT~1\3DUSER~1.EXE [Andreas Verhoeven]><N>
[ram]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ram.vbe -->  [File is missing]><N>
[3duserpic.exe]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\3duserpic.exe.lnk --> C:\Windows\GLOBAL~1\ANIMAT~1\3DUSER~1.EXE [Andreas Verhoeven]><N>
[ram]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ram.vbe -->  [File is missing]><N>

==================================
Services
[Andrea ST Filters Service / AESTFilters][Running/Auto Start]
  <C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe><Andrea Electronics Corporation>
[AMD External Events Utility / AMD External Events Utility][Running/Auto Start]
  <C:\Windows\system32\atiesrxx.exe><AMD>
[Diskeeper / Diskeeper][Running/Auto Start]
  <"C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"><Diskeeper Corporation>
[Shell Hardware Detection / ShellHWDetection][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[Audio Service / STacSV][Running/Auto Start]
  <C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe><IDT, Inc.>
[Themes / Themes][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\system32\shsvcs.dll><Microsoft Corporation>

==================================
Drivers
[adp94xx / adp94xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[arc / arc][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[ATI Function Driver for HDMI Service / AtiHdmiService][Running/Manual Start]
  <system32\drivers\AtiHdmi.sys><ATI Research Inc.>
[atikmdag / atikmdag][Running/Manual Start]
  <system32\DRIVERS\atikmdag.sys><ATI Technologies Inc.>
[Broadcom 802.11 Network Adapter Driver / BCM43XX][Running/Manual Start]
  <system32\DRIVERS\bcmwl6.sys><Broadcom Corporation>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[cmdide / cmdide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
  <system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[HpCISSs / HpCISSs][Stopped/Disabled]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[Intel RAID Controller Vista / iaStorV][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[ISO DVD/CD-ROM Device Driver / ISODrive][Running/System Start]
  <\??\C:\Program Files\UltraISO\drivers\ISODrive.sys><EZB Systems, Inc.>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[JMCR / JMCR][Running/Manual Start]
  <system32\DRIVERS\jmcr.sys><JMicron Technology Corporation>
[LSI_FC / LSI_FC][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[megasas / megasas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Corporation>
[MegaSR / MegaSR][Stopped/Disabled]
  <\SystemRoot\system32\drivers\megasr.sys><LSI Corporation, Inc.>
[Mraid35x / Mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[NVIDIA nForce RAID Driver	/ nvraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkfwd.sys><N/A>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[Realtek 8169 NT Driver / RTL8169][Running/Manual Start]
  <system32\DRIVERS\Rtlh86.sys><Realtek Corporation>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[IDT High Definition Audio CODEC / STHDA][Running/Manual Start]
  <system32\DRIVERS\stwrt.sys><IDT, Inc.>
[Symc8xx / Symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[Sym_hi / Sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[uliahci / uliahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[AMD USB Filter Driver / usbfilter][Running/Manual Start]
  <system32\DRIVERS\usbfilter.sys><Advanced Micro Devices Inc.>
[viaide / viaide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>

==================================
Browser Add-ons
[]
  {02478D38-C3F9-4efb-9B51-7695ECA05670} <, >
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_13]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_13]
  {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_13]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_13.dll, (Signed) Sun Microsystems, Inc.>
[]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <, >
[]
  {5C255C8A-E604-49B4-9D64-90988571CECB} <, >
[]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <, >
[]
  {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} <, >
[E&xport to Microsoft Excel]
  <res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 536 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 6.0.6002.18005 (lh_sp2rtm.090410-1830)]
[PID: 668 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 700 / SYSTEM][C:\Windows\system32\wininit.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 720 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 752 / SYSTEM][C:\Windows\system32\services.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 764 / SYSTEM][C:\Windows\system32\lsass.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 776 / SYSTEM][C:\Windows\system32\lsm.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 900 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 956 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 988 / SYSTEM][C:\Windows\system32\atiesrxx.exe]  [AMD, 6.14.11.1033]
[PID: 1044 / SYSTEM][C:\Windows\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
	[C:\Windows\system32\SHSVCS.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1080 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\stapo.dll]  [IDT, Inc., 1.0.6087.0]
	[C:\Windows\system32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll]  [SRS Labs, Inc., 1, 2, 2, 0]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 1104 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
	[c:\windows\system32\UxTheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1120 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[c:\windows\system32\shsvcs.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\UxTheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 1220 / SYSTEM][C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe]  [IDT, Inc., 1.0.6087.0]
	[C:\Windows\system32\stapi32.dll]  [IDT, Inc., 1.0.6087.0]
[PID: 1444 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1460 / NETWORK SERVICE][C:\Windows\system32\SLsvc.exe]  [(Verified) Microsoft Corporation, 6.0.6002.18005 (lh_sp2rtm.090410-1830)]
[PID: 1496 / SYSTEM][C:\Windows\system32\atieclxx.exe]  [AMD, 6.14.11.1033]
	[C:\Windows\system32\atiadlxx.dll]  [Advanced Micro Devices, Inc., 6.14.10.1050]
	[C:\Windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1516 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 1596 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 1780 / SYSTEM][C:\Windows\system32\WLANExt.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\System32\bcmihvsrv.dll]  [Broadcom Corporation, 5.10.79.5]
	[C:\Windows\system32\UxTheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1812 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 1952 / SYSTEM][C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe]  [Andrea Electronics Corporation, 1.0.32.3]
[PID: 1972 / SYSTEM][C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe]  [Diskeeper Corporation, 13.0.835.0]
	[C:\Program Files\Diskeeper Corporation\Diskeeper\MJS.dll]  [Diskeeper Corporation, 2.0.93.0]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
	[C:\Program Files\Diskeeper Corporation\Diskeeper\PrFacade.dll]  [Diskeeper Corporation, 13.0.835.0]
	[C:\Program Files\Diskeeper Corporation\Diskeeper\DKLib.dll]  [Diskeeper Corporation, 13.0.835.0]
	[C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll]  [Diskeeper Corporation, 3.0.39.0]
	[C:\Program Files\Diskeeper Corporation\Diskeeper\1033\DkRes.dll]  [Diskeeper Corporation, 13.0.835.0]
	[C:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll]  [Diskeeper Corporation, 13.0.835.0]
	[C:\Program Files\Common Files\Diskeeper Corporation\MJS\MJSCR.dll]  [Diskeeper Corporation, 2.0.93.0]
	[C:\Program Files\Diskeeper Corporation\Diskeeper\NsIfaastMeas.dll]  [Diskeeper Corporation, 13.0.835.0]
	[C:\Program Files\Diskeeper Corporation\Diskeeper\NsNtfsAutoAnalyze.dll]  [Diskeeper Corporation, 13.0.835.0]
	[C:\Program Files\Diskeeper Corporation\Diskeeper\NsFatAutoAnalyze.dll]  [Diskeeper Corporation, 13.0.835.0]
	[C:\Program Files\Diskeeper Corporation\Diskeeper\NsFatStd.dll]  [Diskeeper Corporation, 13.0.835.0]
[PID: 644 / Administrator][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
	[C:\Windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\atitmmxx.dll]  [AMD, 6, 14, 11, 22]
	[C:\Windows\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2556]
[PID: 2088 / Administrator][C:\Windows\system32\Dwm.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\UxTheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2120 / Administrator][C:\Windows\Explorer.EXE]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
	[C:\Windows\system32\UxTheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\BROWSEUI.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\authui.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
	[C:\Windows\Globalization\Animated User Pic\starthook.dll]  [Andreas Verhoeven, 2, 4, 0, 0]
	[C:\Program Files\LClock\LC.dll]  [N/A, ]
	[C:\Windows\System32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0401]
	[C:\Windows\system32\ac3acm.acm]  [fccHandler, 1, 40, 0, 0]
	[C:\Windows\system32\lameACM.acm]  [http://www.mp3dev.org/, 0.9.2]
	[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
	[C:\Program Files\Notepad++\nppcm.dll]  [Burgaud.com, 1.3]
	[C:\Program Files\Stardock\Object Desktop\IconPackager\shellext.dll]  [Stardock Corporation, 3.20.00]
	[C:\Program Files\7-Zip\7-zip.dll]  [Igor Pavlov, 4.65]
	[C:\Windows\system32\atiumdag.dll]  [ATI Technologies Inc. , 8.14.10.0678]
	[C:\Windows\system32\atiumdva.dll]  [ATI Technologies Inc. , 8.14.10.0228]
	[C:\Windows\system32\stapi32.dll]  [IDT, Inc., 1.0.6087.0]
[PID: 2160 / SYSTEM][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 2308 / Administrator][C:\Program Files\Update Checker\UpdateChecker.exe]  [FileHippo.com, 1.031.0.0]
	[C:\Windows\system32\UxTheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\e13c52c87b2fa9db839dfac3012dadd5\Microsoft.VisualBasic.ni.dll]  [Microsoft Corporation, 8.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\207b1e1e2254c7a308efe4f903e52ce2\System.Configuration.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\27b0a88bfa56a9390f516b0fa55f3dcb\System.Web.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
[PID: 2316 / Administrator][C:\Program Files\LClock\LClock.exe]  [, 1, 0, 0, 1]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
	[C:\Program Files\LClock\LC.dll]  [N/A, ]
	[C:\Windows\system32\UxTheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Program Files\LClock\Calendar.dll]  [N/A, ]
[PID: 2352 / Administrator][C:\Program Files\IDT\WDM\sttray.exe]  [IDT, Inc., 1.0.6087.0]
	[C:\Program Files\IDT\WDM\STLang.dll]  [IDT, Inc., 1.0.6087.0]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
	[C:\Windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\stapi32.dll]  [IDT, Inc., 1.0.6087.0]
[PID: 2416 / Administrator][C:\Windows\Globalization\Animated User Pic\3duserpic.exe]  [Andreas Verhoeven, 1, 0, 0, 1]
	[C:\Windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\Globalization\Animated User Pic\starthook.dll]  [Andreas Verhoeven, 2, 4, 0, 0]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 2444 / Administrator][C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe]  [Advanced Micro Devices Inc., 2.0.0.0]
	[C:\Windows\system32\shell32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3470.20910__90ba9c70f846762e\MOM.Implementation.dll]  [Advanced Micro Devices Inc., 2.0.3470.20910]
	[C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.3428.28296]
	[C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll]  [Advanced Micro Devices Inc., 2.0.3428.28303]
	[C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3470.20908__90ba9c70f846762e\LOG.Foundation.Implementation.dll]  [Advanced Micro Devices Inc., 2.0.3470.20908]
	[C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.3428.28310]
	[C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll]  [Advanced Micro Devices Inc., 2.0.3428.28310]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\27b0a88bfa56a9390f516b0fa55f3dcb\System.Web.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3470.20910__90ba9c70f846762e\CCC.Implementation.dll]  [Advanced Micro Devices Inc., 2.0.3470.20910]
	[C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.3428.28297]
[PID: 3040 / Administrator][C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe]  [ATI Technologies Inc., 2.0.0.0]
	[C:\Windows\system32\shell32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3470.20910__90ba9c70f846762e\CCC.Implementation.dll]  [Advanced Micro Devices Inc., 2.0.3470.20910]
	[C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.3428.28296]
	[C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.3428.28310]
	[C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.3428.28298]
	[C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll]  [Advanced Micro Devices Inc., 2.0.3428.28310]
	[C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3470.20908__90ba9c70f846762e\LOG.Foundation.Implementation.dll]  [Advanced Micro Devices Inc., 2.0.3470.20908]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll]  [Advanced Micro Devices Inc., 2.0.3428.28303]
	[C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3470.20910__90ba9c70f846762e\MOM.Implementation.dll]  [Advanced Micro Devices Inc., 2.0.3470.20910]
	[C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3470.20825__90ba9c70f846762e\CLI.Component.SkinFactory.dll]  [Advanced Micro Devices Inc., 2.0.3470.20825]
	[C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll]  [Advanced Micro Devices Inc., 2.0.3428.28354]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3470.20824__90ba9c70f846762e\CLI.Component.Runtime.dll]  [Advanced Micro Devices, Inc., 2.0.3470.20824]
	[C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll]  [Advanced Micro Devices Inc., 2.0.3428.28311]
	[C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll]  [Advanced Micro Devices Inc., 2.0.3428.28301]
	[C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28303]
	[C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll]  [Advanced Micro Devices Inc., 2.0.0.0]
	[C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll]  [Advanced Micro Devices, Inc., 2.0.3299.28586]
	[C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3470.20822__90ba9c70f846762e\AEM.Server.dll]  [Advanced Micro Devices Inc., 2.0.3470.20822]
	[C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.3428.28297]
	[C:\Windows\system32\atiadlxx.dll]  [Advanced Micro Devices, Inc., 6.14.10.1050]
	[C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28304]
	[C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3470.20921__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll]  [Advanced Micro Devices Inc., 2.0.3470.20921]
	[C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28327]
	[C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28304]
	[C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28311]
	[C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll]  [ATI Technologies Inc., 2.0.2573.17685]
	[C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll]  [ATI Technologies Inc., 2.0.2573.17684]
	[C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll]  [Advanced Micro Devices Inc., 2.0.3428.28324]
	[C:\Windows\system32\ATIDEMGX.dll]  [Advanced Micro Devices, Inc., 2.0.3470.22105]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\207b1e1e2254c7a308efe4f903e52ce2\System.Configuration.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2556]
	[C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3470.20928__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.3470.20928]
	[C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3470.20927__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3470.20927]
	[C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28302]
	[C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll]  [Advanced Mirco Devices, Inc., 2.0.3428.28305]
	[C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3470.20826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll]  [Advanced Mirco Devices, Inc., 2.0.3470.20826]
	[C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll]  [Advanced Micro Devices, Inc., 2.0.2743.23304]
	[C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28327]
	[C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll]  [Advanced Micro Devices, Inc., 2.0.3428.28303]
	[C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll]  [Advanced Micro Devices, Inc., 2.0.3015.27871]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3470.20878__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.3470.20878]
	[C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll]  [Advanced Micro Devices Inc., 2.0.3428.28316]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28315]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28311]
	[C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0805.dll]  [Advanced Micro Devices, Inc., 2.0.3057.24943]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3470.20896__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.3470.20896]
	[C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll]  [Advanced Micro Devices, Inc., 2.0.2743.23304]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28316]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28309]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3470.20835__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.3470.20835]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28312]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3470.20850__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.3470.20850]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28313]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3470.20875__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.3470.20875]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28314]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.3470.20870]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28314]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3470.20876__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll]  [Advanced Micro Devices, Inc., 2.0.3470.20876]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28312]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3470.20869__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll]  [Advanced Micro Devices, Inc., 2.0.3470.20869]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28314]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3470.20882__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.3470.20882]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28315]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.3470.20870]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28314]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3470.20869__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll]  [Advanced Micro Devices, Inc., 2.0.3470.20869]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3470.20914__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.3470.20914]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28323]
	[C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll]  [Advanced Micro Devices, Inc., 2.0.2939.20866]
	[C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0812.dll]  [Advanced Micro Devices, Inc., 2.0.3286.19924]
	[C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3470.20824__90ba9c70f846762e\APM.Server.dll]  [Advanced Micro Devices, Inc., 2.0.3470.20824]
	[C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.3428.28310]
	[C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\27b0a88bfa56a9390f516b0fa55f3dcb\System.Web.ni.dll]  [Microsoft Corporation, 2.0.50727.4016 (NetFxQFE.050727-4000)]
	[C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3470.20822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll]  [Advanced Micro Devices Inc., 2.0.3470.20822]
	[C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28329]
	[C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28311]
	[C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3470.20904__90ba9c70f846762e\CLI.Component.Systemtray.dll]  [Advanced Micro Devices Inc., 2.0.3470.20904]
	[C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll]  [Advanced Micro Devices, Inc., 2.0.3428.28308]
	[C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3470.20840__90ba9c70f846762e\CLI.Component.Wizard.dll]  [Advanced Micro Devices, Inc., 2.0.3470.20840]
	[C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28302]
	[C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28308]
	[C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll]  [Advanced Micro Devices Inc., 2.0.3428.28311]
	[C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3470.20840__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20840]
	[C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28313]
	[C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3470.20939__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll]  [Advanced Micro Devices, Inc., 2.0.3470.20939]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3470.20915__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20915]
	[C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll]  [, 2.0.2477.16262]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28324]
	[C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll]  [ , 1.0.0.0]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3470.20883__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20883]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3470.20891__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20891]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3470.20851__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20851]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3470.20845__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20845]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3470.20846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20846]
	[C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3470.20931__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20931]
	[C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3470.20831__90ba9c70f846762e\CLI.Component.Dashboard.dll]  [Advanced Micro Devices, Inc., 2.0.3470.20831]
	[C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28304]
	[C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll]  [Advanced Micro Devices Inc., 2.0.3428.28309]
	[C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3470.20835__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20835]
	[C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll]  [Advanced Micro Devices Inc., 2.0.3428.28312]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3470.20916__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll]  [Advanced Mirco Devices, Inc., 2.0.3470.20916]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3470.20846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20846]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3470.20941__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll]  [Advanced Micro Devices, Inc., 2.0.3470.20941]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll]  [, 1.0.0.0]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3470.20876__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20876]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20870]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3470.20877__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll]  [Advanced Micro Devices, Inc., 2.0.3470.20877]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3470.20865__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll]  [Advanced Micro Devices, Inc., 2.0.3470.20865]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3470.20883__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20883]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3470.20847__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20847]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3470.20871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20871]
	[C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3470.20915__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20915]
	[C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3470.20927__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.3470.20927]
[PID: 3804 / Administrator][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.0.10]
	[C:\Program Files\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.0.10]
	[C:\Program Files\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.5.9]
	[C:\Program Files\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
	[C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
	[C:\Program Files\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.7.3]
	[C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.7.3]
	[C:\Program Files\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.7.3]
	[C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
	[C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.0.10]
	[C:\Windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.0.10]
	[C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jo4vzswd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll]  [N/A, ]
	[C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jo4vzswd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll]  [N/A, ]
	[C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.0.10]
	[C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jo4vzswd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll]  [N/A, ]
	[C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jo4vzswd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll]  [N/A, ]
	[C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.73]
	[C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\PROGRA~1\Java\jre6\bin\client\jvm.dll]  [Sun Microsystems, Inc., 11.3.0.02]
	[C:\PROGRA~1\Java\jre6\bin\hpi.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\PROGRA~1\Java\jre6\bin\verify.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\PROGRA~1\Java\jre6\bin\java.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\PROGRA~1\Java\jre6\bin\zip.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Program Files\Java\jre6\bin\jp2native.dll]  [, ]
	[C:\Program Files\Java\jre6\bin\deploy.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Program Files\Java\jre6\bin\msvcr71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\Java\jre6\bin\net.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Program Files\Java\jre6\bin\nio.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Program Files\Java\jre6\bin\regutils.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Windows\system32\BROWSEUI.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 4060 / Administrator][C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\PROGRA~1\Java\jre6\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 4084 / Administrator][C:\Program Files\Java\jre6\bin\java.exe]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
	[C:\Program Files\Java\jre6\bin\msvcr71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\Java\jre6\bin\client\jvm.dll]  [Sun Microsystems, Inc., 11.3.0.02]
	[C:\Program Files\Java\jre6\bin\hpi.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Program Files\Java\jre6\bin\verify.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Program Files\Java\jre6\bin\java.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Program Files\Java\jre6\bin\zip.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Program Files\Java\jre6\bin\jp2native.dll]  [, ]
	[C:\Program Files\Java\jre6\bin\deploy.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Program Files\Java\jre6\bin\regutils.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Program Files\Java\jre6\bin\net.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Program Files\Java\jre6\bin\nio.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Program Files\Java\jre6\bin\awt.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2660 / SYSTEM][C:\Windows\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 6.0.6002.18005 (lh_sp2rtm.090410-1830)]
[PID: 2328 / Administrator][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
	[C:\Windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\browseui.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1820 / Administrator][C:\Users\Administrator\Desktop\sre\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 3872 / Administrator][C:\Users\Administrator\Desktop\sre\SRE8bd9c9ea.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[C:\Windows\system32\SHELL32.dll]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
	[C:\Windows\system32\uxtheme.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Users\Administrator\Desktop\sre\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS   Error. [C:\Windows\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1	   localhost
::1			 localhost
127.0.0.1	   adobeereg.com
127.0.0.1	   www.adobeereg.com
127.0.0.1	   activate.adobe.com
127.0.0.1	   activate-sea.adobe.com
127.0.0.1	   activate-sjc0.adobe.com
127.0.0.1	   wwis-dubc1-vip60.adobe.com

==================================
Process Privileges Scan
Special Privileges Enabled: SeDebugPrivilege [PID = 2444, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE]
Special Privileges Enabled: SeDebugPrivilege [PID = 3040, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE]

==================================
Scheduled Tasks
[Disabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
		N/A 
[Enabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
		N/A 
[Enabled] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
		BthUdTask.exe $(Arg0)
[Enabled] \Microsoft\Windows\CertificateServicesClient\SystemTask
		N/A 
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask
		N/A 
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
		N/A 
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
		%SystemRoot%\System32\wsqmcons.exe 
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification
		%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0
[Enabled] \Microsoft\Windows\Media Center\ehDRMInit
		%SystemRoot%\ehome\ehPrivJob.exe /DRMInit
[Enabled] \Microsoft\Windows\Media Center\mcupdate
		%SystemRoot%\ehome\mcupdate $(Arg0) -gc
[Enabled] \Microsoft\Windows\Media Center\OCURActivate
		%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
[Enabled] \Microsoft\Windows\Media Center\OCURDiscovery
		%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery
[Enabled] \Microsoft\Windows\Media Center\UpdateRecordPath
		%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
[Enabled] \Microsoft\Windows\MobilePC\HotStart
		N/A 
[Enabled] \Microsoft\Windows\MobilePC\TMM
		N/A 
[Enabled] \Microsoft\Windows\MUI\LPRemove
		%windir%\system32\lpremove.exe 
[Enabled] \Microsoft\Windows\Multimedia\SystemSoundsService
		N/A 
[Enabled] \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
		N/A 
[Enabled] \Microsoft\Windows\Shell\CrawlStartPages
		N/A 
[Disabled] \Microsoft\Windows\SideShow\AutoWake
		N/A 
[Enabled] \Microsoft\Windows\SideShow\GadgetManager
		N/A 
[Disabled] \Microsoft\Windows\SideShow\SessionAgent
		N/A 
[Disabled] \Microsoft\Windows\SideShow\SystemDataProviders
		N/A 
[Enabled] \Microsoft\Windows\SystemRestore\SR
		%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict1
		rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict2
		rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[Enabled] \Microsoft\Windows\UPnP\UPnPHostConfig
		sc.exe config upnphost start= auto
[Enabled] \Microsoft\Windows\Windows Error Reporting\QueueReporting
		%windir%\system32\wermgr.exe -queuereporting
[Enabled] \Microsoft\Windows\Wired\GatherWiredInfo
		%windir%\system32\gatherWiredInfo.vbs 
[Enabled] \Microsoft\Windows\Wireless\GatherWirelessInfo
		%windir%\system32\gatherWirelessInfo.vbs 

==================================
Windows Security Update Check
KB932926,  BitLocker and EFS enhancements 
KB932925,  Hold Em Poker Game 
KB941236,  Windows DreamScene Content Pack Favorites 
KB931133,  Windows DreamScene Content Pack 
KB944427,  Windows DreamScene Content Pack #3 
KB954955,  Microsoft Tinker 
KB944428,  Windows DreamScene Content Pack #4 
KB928439,  Windows PowerShell 1.0 for Windows Vista (KB928439) 
KB961501,  Security Update for Windows Vista (KB961501) MS09-022
KB968537,  Security Update for Windows Vista (KB968537) MS09-025
KB970238,  Security Update for Windows Vista (KB970238) MS09-026
KB967632,  Cumulative Update for Media Center for Windows Vista (KB967632) 
KB943729,  Group Policy Preference Client Side Extensions for Windows Vista (KB943729) 
KB951847,  Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) x86 
KB971183,  Arabic Language Pack 
KB971183,  Bulgarian Language Pack 
KB971183,  Croatian Language Pack 
KB971183,  Czech Language Pack 
KB971183,  Danish Language Pack 
KB971183,  Estonian Language Pack 
KB971183,  Finnish Language Pack 
KB971183,  French Language Pack 
KB971183,  German Language Pack 
KB971183,  Greek Language Pack 
KB971183,  Hebrew Language Pack 
KB971183,  Hungarian Language Pack 
KB971183,  Italian Language Pack 
KB971183,  Spanish Language Pack 
KB971183,  Chinese (Simplified) Language Pack 
KB971183,  Chinese (Traditional) Language Pack 
KB971183,  Dutch Language Pack 
KB971183,  Japanese Language Pack 
KB971183,  Korean Language Pack 
KB971183,  Latvian Language Pack 
KB971183,  Lithuanian Language Pack 
KB971183,  Norwegian Language Pack 
KB971183,  Polish Language Pack 
KB971183,  Portuguese (Brazil) Language Pack 
KB971183,  Portuguese (Portugal) Language Pack 
KB971183,  Romanian Language Pack 
KB971183,  Russian Language Pack 
KB971183,  Serbian (Latin) Language Pack 
KB971183,  Slovak Language Pack 
KB971183,  Slovenian Language Pack 
KB971183,  Swedish Language Pack 
KB971183,  Thai Language Pack 
KB971183,  Turkish Language Pack 
KB971183,  Ukrainian Language Pack 
KB961371,  Security Update for Windows Vista (KB961371) MS09-029
KB973346,  Cumulative Security Update for ActiveX Killbits for Windows Vista (KB973346) MS09-032
KB972260,  Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB972260) MS09-034
KB968389,  Update for Windows Vista (KB968389) 
KB971557,  Security Update for Windows Vista (KB971557) MS09-038
KB973540,  Security Update for Windows Vista (KB973540) MS09-037
KB956744,  Security Update for Windows Vista (KB956744) MS09-044
KB973507,  Security Update for Windows Vista (KB973507) MS09-037
KB971657,  Security Update for Windows Vista (KB971657) MS09-041
KB970653,  Update for Windows Vista (KB970653) 
KB973768,  Security Update for Windows Vista (KB973768) MS09-037
KB973874,  Update for Internet Explorer 8 Compatibility View List for Windows Vista (KB973874) 
KB972036,  Update for Windows Vista (KB972036) 
KB905866,  Update for Windows Mail Junk E-mail Filter [September 2009] (KB905866) 
KB967723,  Security Update for Windows Vista (KB967723) MS09-048
KB970710,  Security Update for Windows Vista (KB970710) MS09-049
KB890830,  Windows Malicious Software Removal Tool - September 2009 (KB890830) 
KB971961,  Security Update for Jscript 5.8 for Windows Vista (KB971961) MS09-045
KB968816,  Security Update for Windows Media Format Runtime 11 for Windows Vista (KB968816) MS09-047

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


#8 boopme


Posted 09 September 2009 - 12:54 PM

Ok, this is good. Now we need you to start a topic here. Put a link to this topic and mention that System Repair Engineer was the only thing you could run.

Next, please go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant title, and post the above log.

Let me know how that went.

Edited by boopme, 09 September 2009 - 12:54 PM.


#9 Orange Blossom


Posted 09 September 2009 - 07:41 PM

Hello,

I have pasted your log into your topic in the HiJack This forum here: http://www.bleepingcomputer.com/forums/t/256517/have-new-rootkit-variant-who-wants-a-challenge/

Now comes the hard part: waiting.

Now that you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks, perhaps less, to get a response, but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup: